YouTube Hack Targets Fans Of Teenager Singer

The fans of singer Justin Bieber have been targetted by hackers who used a cross-site scripting vulnerability on video sharing site YouTube.

Using the vulnerability, the attackers were able to insert HTML code into YouTube pages devoted to Bieber and greet fans with redirects to adult content as well as a numerous pop-up messages, including one claiming the 16-year-old star had been killed in a car accident.

Fans Targeted

The attackers placed the code in the comment section of the pages, prompting Google to temporarily hide comments Sunday by default.

Other pages unrelated to Bieber were reportedly targeted as well.

According to Google, a fix for the issue was rolled out about 2 hours after it was discovered.

“We’re continuing to study the vulnerability to help prevent similar issues in the future,” a Google spokesperson told eWEEK on Sunday.

Code Loopholes

The vulnerability allowed the attackers to bypass the filter normally used to police YouTube comments.

“Clearly YouTube is a big target, as it has so many millions of visitors every day, and you would hope that their web team will investigate what went wrong with their processes, and explore if they are reviewing code properly before it is made live to ensure that loopholes aren’t left in their code in future,” noted Graham Cluley, senior technology consultant at Sophos.

Poor Justin Bieber has also unwittingly committed himself to a tour of North Korea, after he asked fans to vote on Twitter which country he should visit next. Pranksters “clickswarmed” more than half a million votes for North Korea … although it is unlikely Bieber would get permission to responded from Kim Jong Il to tour there.

By a strange coincidence, Internet hackers seem to have a preference for teen popsters that happen to be Canadian. Girl music sensation Avril Lavigne had her name immortalised by the Lirva worm in 2003